This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PA-3410: L3 interface configuration / ping from disconnected port?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PA-3410: L3 interface configuration / ping from disconnected port?

sascha0901
L1 Bithead

‎10-13-2023 03:35 AM

Hello everyone,

 

I got a PA-3410, it's up and running for a while as an internet gateway to a local network. It's configured with static ip4 addresses, source NAT, security zones, default route etc, everythings working good.

 

Recently I remotely configured an additional ethernet port (L3) but I'm not able to ping an internet destination with it (ping source [IP Adress of L3 Interface] host 8.8.8.8), although I'm able to ping local network adresses, for instance other L3 Ports of PA-3410.

In contrast to that, another interface I configured earlier works perfectly, although in CLI both configurations look identical (except IP adress for sure), same security zone, virtual router, etc.

 

So I think the only difference between the working and the non-working interface is that on the working one has a different link status as there is an end device connected, and the newly configured device has runtime link state down, as no device is connected (and never was to this port, yet).

 

So my assumption is, that it might not be possible to get a succesful ping to/from internet destinations if there is no end device connected. Am I right? In case yes, what's the explanation for this? 

Thanks a lot for your help

0 Likes Likes
3 REPLIES 3

sascha0901
L1 Bithead

‎10-14-2023 08:13 AM

Anyone got a hint here what to check? Currently I'm not able to physically connect a host to the port.

Thank you

0 Likes Likes

Raido_Rattameister
Cyber Elite
Cyber Elite

‎10-14-2023 04:35 PM

You can't initiate source ping to external resources from interface that is down.

Also interfaces that are down are not added to virtual router's forwarding table.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
(1)

sascha0901
L1 Bithead

‎10-16-2023 01:25 AM

this is what I assumed. Thank you very much for your help!

0 Likes Likes
  • 695 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks